Skip to main content
SpringerLink
Log in

HCI Requirements for Transparency and Accountability Tools for Cloud Service Chains

  • Chapter
  • First Online:
Accountability and Security in the Cloud (A4Cloud 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8937))

Included in the following conference series:

Abstract

This paper elaborates HCI (Human-Computer Interaction) requirements for making cloud data protection tools comprehensible and trustworthy. The requirements and corresponding user interface design principles are derived from our research and review work conducted to address in particular the following HCI challenges: How can the users be guided to better comprehend the flow and traces of data on the Internet and in the cloud? How can individual end users be supported to do better informed decisions on how their data can be used by cloud providers or others? How can the legal privacy principle of transparency and accountability be enforced by the user interfaces of cloud inspection tools? How can the user interfaces help users to reassess their trust/distrust in services? The research methods that we have used comprise stakeholder workshops, focus groups, controlled experiments, usability tests as well as literature and law reviews. The derived requirements and principles are grouped into the following functional categories: (1) ex-ante transparency, (2) exercising data subject rights, (3) obtaining consent, (4) privacy preference management, (5) privacy policy management, (6) ex-post transparency, (7) audit configuration, (8) access control management, and (9) privacy risk assessment. This broad categorization makes our results accessible and applicable for any developer within the field of usable privacy and transparency-enhancing technologies for cloud service chains.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    A ‘data subject’ is a natural person about whom personal data are processed.

  2. 2.

    Under Article 29 of the Data Protection Directive, a Working Party on the Protection of Individuals with regard to the Processing of Personal Data is established, made up of the Data Protection Commissioners from the Member States together with a representative of the European Commission. The Working Party is independent and acts in an advisory capacity. The Working Party seeks to harmonize the application of data protection rules throughout the EU, and publishes opinions and recommendations on various data protection topics.

  3. 3.

    These areas were motivated by a range of studies, in particular Brandimarte et al. [36], Gross and Acquisti [27], Hoadley et al. [37], Ion et al. [38], Langer [39], Marshall and Tang [40], Tversky and Kahneman [41], and Xu [42].

References

  1. Angulo, J., Fischer-Hübner, S., Pettersson, J.S.: General HCI principles and guidelines for accountability and transparency in the cloud. A4Cloud Deliverable D:C-7.1, September 2013 (2013)

    Google Scholar 

  2. Pearson, S., Tountopoulos, V., Catteddu, D., Sudholt, M., Molva, R., Reich, C., Fischer-Hübner, S., Millard, C., Lotz, V., Jaatun, M.G.: Accountability for cloud and other future Internet services. In IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), 2012. IEEE (2012)

    Google Scholar 

  3. Hildebrandt, M.: Behavioural biometric profiling and transparency enhancing tools. FIDIS Deliverable D7.12, March 2005. FIDIS EU project (2009)

    Google Scholar 

  4. Fischer-Hübner, S., Angulo, J., Pulls, T.: How can cloud users be supported in deciding on, tracking and controlling how their data are used? In: Hansen, M., Hoepman, J.-H., Leenes, R., Whitehouse, D. (eds.) Privacy and Identity 2013. IFIP AICT, vol. 421, pp. 77–92. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  5. Angulo, J., Wästlund, E., Högberg, J.: What would it take for you to tell your secrets to a cloud? - studying decision factors when disclosing information to cloud services. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 129–145. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  6. Beckerle, M., Martucci, L.A.: Formal definitions for usable access control rule sets from goals to metrics. In: Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS 2013), New Castle, UK, 24–26 July. ACM (2013)

    Google Scholar 

  7. Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: The Proceedings of the 8th USENIX Security Symposium (1999)

    Google Scholar 

  8. Nielsen, J.: Usability inspection methods. In: Conference Companion on Human Factors in Computing Systems. ACM (1995)

    Google Scholar 

  9. Johnston, J., Eloff, J.H., Labuschagne, L.: Security and human computer interfaces. Comput. Secur. 22(8), 675–684 (2003)

    Article  Google Scholar 

  10. Yee, K.: Aligning security and usability. IEEE Secur. Priv. 2(5), 48–55 (2004)

    Article  Google Scholar 

  11. Garfinkel, S.: Design principles and patterns for computer systems that are simultaneously secure and usable. Massachusetts Institute of Technology (2005)

    Google Scholar 

  12. Dhamija, R., Dusseault, L.: The seven flaws of identity management: usability and security challenges. IEEE Secur. Priv. 6(2), 24–29 (2008)

    Article  Google Scholar 

  13. Patrick, A.S., Kenny, S.: From privacy legislation to interface design: implementing information privacy in human-computer interactions. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 107–124. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  14. Patrick, A.S., Kenny, S., Holmes, C., van Breukelen, M.: Human computer interaction. In: van Blarkom, G.W., Borking, J.J., Olk, J.G.E. (eds.) Handbook of Privacy and Privacy-Enhancing Technologies: The Case of Intelligent Software Agents, pp. 249–290. College Bescherming Persoonsgegevens, Den Haag (2003)

    Google Scholar 

  15. European Commission: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Office Journal L. 281. 23.11.1995 (1995)

    Google Scholar 

  16. Art. 29 Data Protection Working Party: Opinion 10/2004 on More Harmonised Information Provisions, 25 November 2004. European Commission (2004)

    Google Scholar 

  17. Pettersson, J.S.: HCI Guidelines. PRIME Deliverable D06.1.f. Final Version. PRIME project (2008)

    Google Scholar 

  18. International Standard Organization (ISO): Ergonomic requirements for office work with visual display terminals (VDTs)-Part 11: guidance on usability-Part 11 (ISO 9241-11:1998) (1998)

    Google Scholar 

  19. Pettersson, J.S., Fischer-Hübner, S., Danielsson, N., Nilsson, J., Bergmann, M., Clauss, S., Kriegelstein, T., Krasemann, H.: Making PRIME usable. In: Proceedings of the 2005 Symposium on Usable Privacy and Security (SOUPS 2005), Pittsburg, PA, USA. ACM (2005)

    Google Scholar 

  20. Graf, C., Hochleitner, C., Wolkerstorfer, P., Angulo, J., Fischer-Hübner, S., Wästlund, E., Hansen, M., Holtz, L.: Towards Usable Privacy Enhancing Technologies: Lessons Learned from the PrimeLife Project. PrimeLife Deliverable D4.1.6. PrimeLife (2011)

    Google Scholar 

  21. Wästlund, E., Wolkerstorfer, P., Köffel, C.: PET-USES: privacy-enhancing technology – users’ self-estimation scale. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds.) IFIP AICT 320. IFIP AICT, vol. 320, pp. 266–274. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  22. Alexander, C., Ishikawa, S., Silverstein, M.: Pattern Languages. Center for Environmental Structure. Oxford University Press, New York (1977)

    Google Scholar 

  23. PrimeLife WP4.1: HCI Pattern Collection – Version 2. In: Fischer-Hübner, S., Köffel, C., Pettersson, J., Wästlund, E., Zwingelberg, H. (eds.) PrimeLife Deliverable D4.1.3. PrimeLife (2010). http://www.primelife.eu/results/documents

  24. ECC-Net: Trust marks report 2013: “Can I trust the trust mark?”. The European Consumer Centres, Network (2013). www.konsumenteuropa.se/PageFiles/159275/Trust%20Mark%20Report%202013.pdf

  25. ENISA: On the security, privacy, and usability of online seals. An overview Version December 2013. European Union Agency for Network and Information Security (2013). www.enisa.europa.eu

  26. Spiekermann, S., Grossklags, J., Berendt, B.: E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. In: Proceedings of the 3rd ACM Conference on Electronic Commerce, Tampa, Florida, USA. ACM (2001)

    Google Scholar 

  27. Gross, R., Acquisti, A.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, Pittsburg, PA, USA. ACM (2005)

    Google Scholar 

  28. European Commission: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM (2012) 11 Final. Brussels, 25.1.2012 (2012)

    Google Scholar 

  29. International Standard Organization (ISO): 25010-2011. Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models (2011)

    Google Scholar 

  30. International Standard Organization (ISO): 9241-210: 2009. Ergonomics of human system interaction-Part 210: Human-centred design for interactive systems (formerly known as 13407) (2010)

    Google Scholar 

  31. Wästlund, E., Angulo, J., Fischer-Hübner, S.: Evoking comprehensive mental models of anonymous credentials. In: Camenisch, J., Kesdogan, D. (eds.) iNetSec 2011. LNCS, vol. 7039, pp. 1–14. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  32. Maguire, M., Bevan, N.: User requirements analysis. In: Hammond, J., Gross, T., Wesson, J. (eds.) Usability. IFIP — The International Federation for Information Processing, vol. 99, pp. 133–148. Springer, New York (2002)

    Chapter  Google Scholar 

  33. Owen, H.: Open Space Technology: A User’s Guide. Berrett-Koehler Publishers, San Francisco (2008)

    Google Scholar 

  34. Brown, J., Isaacs, D.: The World Café: Shaping Our Futures Through Conversations that Matter. Berrett-Koehler Publishers, San Francisco (2005)

    Google Scholar 

  35. Bernard, H.R.: Research Methods in Cultural Anthropology. Sage, Newbury Park (1988)

    Google Scholar 

  36. Brandimarte, L., Acquisti, A., Loewenstein, G.: Misplaced confidences: privacy and the control paradox. Social Psychological and Personality Science 4(3), 340–347 (2012). SAGE Publications

    Article  Google Scholar 

  37. Hoadley, C.M., Xu, H., Lee, J.J., Rosson, M.B.: Privacy as information access and illusory control: The case of the Facebook News Feed privacy outcry. Electron. Commer. Res. Appl. 9(1), 50–60 (2010)

    Article  Google Scholar 

  38. Ion, I., Sachdeva, N., Kumaraguru, P., Capkun, S.: Home is safer than the cloud!: privacy concerns for consumer cloud storage. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, Pittsburg, PA, USA, p. 13:1. ACM (2011)

    Google Scholar 

  39. Langer, E.J.: The illusion of control. J. Pers. Soc. Psychol. 32(2), 311 (1975)

    Article  Google Scholar 

  40. Marshall, C., Tang, J.C.: That syncing feeling: early user experiences with the cloud. In: Proceedings of the Designing Interactive Systems Conference. ACM (2012)

    Google Scholar 

  41. Tversky, A., Kahneman, D.: The framing of decisions and the psychology of choice. In: Wright, G. (ed.) Behavioral Decision Making, pp. 25–41. Springer, New York (1985)

    Chapter  Google Scholar 

  42. Xu, H.: The effects of self-construal and perceived control on privacy concerns. In: Proceedings of the 28th Annual International Conference on Information Systems (ICIS 2007) (2007)

    Google Scholar 

  43. Jaspers, M.W.M., Steen, T., van den Bos, C., Geenen, M.: The think aloud method: a guide to user interface design. Int. J. Med. Inform. 73(11–12), 781–795 (2004)

    Article  Google Scholar 

  44. Rubin, J., Chisnell, D.: Handbook of Usability Testing: How to Plan, Design, and Conduct Effective Tests. Wiley Publ., Indianapolis (2008)

    Google Scholar 

  45. Pettersson, J.S., Fischer-Hübner, S., Bergmann, M.: Outlining “Data Track”: privacy-friendly data maintenance for end-users. In: Wojtkowski, W., Wojtkowski, W.G., Zupancic, J., Magyar, G., Knapp, G. (eds.) Advances in Information Systems Development, pp. 215–226. Springer, New York (2007)

    Chapter  Google Scholar 

  46. Wästlund, E., Fischer-Hübner, S.: End User Transparency Tools: UI Prototypes. PrimeLife Deliverable D.4.2.2. PrimeLife project (2010)

    Google Scholar 

  47. Pulls, T.: Privacy-friendly cloud storage for the data track. In: Jøsang, A., Carlsson, B. (eds.) NordSec 2012. LNCS, vol. 7617, pp. 231–246. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  48. Freeman, L.C.: Visualizing social networks. J. Soc. Struct. 1(1), 4 (2000)

    Google Scholar 

  49. Becker, R.A., Eick, S.G., Wilks, A.R.: Visualizing network data. IEEE Trans. Vis. Comput. Graph. 1(1), 16–28 (1995)

    Article  Google Scholar 

  50. Kani-Zabihi, E., Helmhout, M.: Increasing service users’ privacy awareness by introducing on-line interactive privacy features. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 131–148. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  51. Kolter, J., Netter, M., Pernul, G.: Visualizing past personal data disclosures. In: ARES 2010 International Conference on Availability, Reliability, and Security, 2010, p. 131. IEEE (2010)

    Google Scholar 

  52. Art. 29 Data Protection Working Party (2012). Opinion 5/2012 on Cloud Computing. European Commission, 1 July 2012

    Google Scholar 

  53. Art. 29 Data Protection Working Party (2010). Opinion 1/2010 on the concepts of “controller” and “processor”. European Commission, 16 February 2010

    Google Scholar 

  54. O’Neill, O.: A Question of Trust. CUP, Cambridge (2002)

    Google Scholar 

  55. Wamala, C.: Does IT count?: complexities between access to and use of information technologies among Uganda’s farmers. Luleå Tekniska universitet, Luleå (2010)

    Google Scholar 

  56. Lacohée, H., Crane, S., Phippen, A.: Trustguide: Final report. Trustguide, October 2006 (2006)

    Google Scholar 

  57. Angulo, J., Fischer-Hübner, S., Wästlund, E., Pulls, T.: Towards usable privacy policy display and management. Inf. Manag. Comput. Secur. 20(1), 4–17 (2012)

    Google Scholar 

  58. Andersson, C., Camenisch, J., Crane, S., Fischer-Hübner, S., Leenes, R., Pearson, S., Pettersson, J.S., Sommer, D.: Trust in PRIME. In: Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology. IEEE (2005)

    Google Scholar 

  59. Tsai, J.Y., Kelley, P., Drielsma, P., Cranor, L.F., Hong, J., Sadeh, N.: Who’s viewed you?: the impact of feedback in a mobile location-sharing application. In: CHI 2009 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM (2009)

    Google Scholar 

  60. Shin, D.: User centric cloud service model in public sectors: policy implications of cloud services. Gov. Inf. Q. 30, 194–203 (2013)

    Article  Google Scholar 

  61. Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, pp. 3–42. Springer, London (2013)

    Chapter  Google Scholar 

  62. Voida, A., Olson, J.S., Olson, G.M.: Turbulence in the clouds: challenges of cloud-based information work. In: CHI 2013 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM (2013)

    Google Scholar 

  63. Joinson, A.N., Reips, U.-D., Buchanan, T., Paine Schfield, C.B.: Privacy, trust, and self-disclosure online. Hum.-Comput. Interact. 25(1), 1–24 (2013)

    Article  Google Scholar 

Download references

Acknowledgements

This work has in part been financed by the European Commission, grant FP7-ICT-2011-8-317550-A4CLOUD.

We thank project co-workers that have contributed to the research with the help of whom these requirements were derived, especially Erik Wästlund, Leonardo Martucci, and Tobias Pulls. Besides, we thank W Kuan Hon from Queen Mary University London for very helpful comments.

Author information

Authors and Affiliations

  1. Karlstad University, Universitetsgatan 2, 651 88, Karlstad, Sweden

    Simone Fischer-Hübner, John Sören Pettersson & Julio Angulo

Authors
  1. Simone Fischer-Hübner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Sören Pettersson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Julio Angulo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Simone Fischer-Hübner .

Editor information

Editors and Affiliations

  1. HP Labs, Bristol, United Kingdom

    Massimo Felici

  2. University of Malaga, Malaga, Spain

    Carmen Fernández-Gago

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Fischer-Hübner, S., Pettersson, J.S., Angulo, J. (2015). HCI Requirements for Transparency and Accountability Tools for Cloud Service Chains. In: Felici, M., Fernández-Gago, C. (eds) Accountability and Security in the Cloud. A4Cloud 2014. Lecture Notes in Computer Science(), vol 8937. Springer, Cham. https://doi.org/10.1007/978-3-319-17199-9_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17199-9_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17198-2

  • Online ISBN: 978-3-319-17199-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation